From 6096ed1109a0d5a62a844552fee500ebe66071c8 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 26 Jul 2024 10:26:43 -0400
Subject: [PATCH] comment
---
 usr/bin/permission-hardener | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/usr/bin/permission-hardener b/usr/bin/permission-hardener
index 834aaf5..2818560 100755
--- a/usr/bin/permission-hardener
+++ b/usr/bin/permission-hardener
@@ -179,6 +179,10 @@ add_nosuid_statoverride_entry() {
 done < <(safe_echo_nonewline "${fso_to_process}" | find -files0-from - -perm /u=s,g=s -print0)
 ## False positive on SC2185 (find without path argument) #1748
 ## https://github.com/koalaman/shellcheck/issues/1748
+ ##
+ ## /usr/lib will hit ARG_MAX if using bash 'shopt -s globstar' and '/usr/lib/**'.
+ ## Using 'find' with '-perm /u=s,g=s' is faster and avoids ARG_MAX.
+ ## https://forums.whonix.org/t/disable-suid-binaries/7706/17
 local line
 while IFS="" read -r -d "" file_name; do
@@ -328,10 +332,6 @@ add_nosuid_statoverride_entry() {
 ## Not using --update as this is only for recording.
 # shellcheck disable=SC2086
 echo_wrapper_audit silent dpkg-statoverride ${dpkg_admindir_parameter_new_mode} --add "${existing_owner}" "${existing_group}" "${new_mode}" "${file_name}"
-
- ## /usr/lib will hit ARG_MAX if using bash 'shopt -s globstar' and '/usr/lib/**'.
- ## Using 'find' with '-perm /u=s,g=s' is faster and avoids ARG_MAX.
- ## https://forums.whonix.org/t/disable-suid-binaries/7706/17
 done < <(safe_echo_nonewline "${fso_to_process}" | find -files0-from - -perm /u=s,g=s -print0)
 ## Sanity test.
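Review bot: The relocated rationale now documents only the first `find` call, so the identical `done < <(... | find -files0-from - -perm /u=s,g=s -print0)` that closes the main loop in the second hunk is left with no explanation; a one-line pointer after that `done`, such as `## Why 'find' instead of globstar: see the comment at the first 'find' call above.`, would keep the reasoning discoverable. The comment could also state what the test selects, e.g. `## '-perm /u=s,g=s' matches files that have the setuid or the setgid bit set.`, since that expression decides which files get hardened. Both loops read from a process substitution, so a failing `find` would just produce an empty list without the loop seeing an error, and the hardening step would silently do nothing. Whether the "Sanity test" after the second loop covers that case cannot be seen here, because add_nosuid_statoverride_entry starts and ends outside both hunks.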